You are on page 1of 12

Information Sciences 181 (2011) 3073–3084

Contents lists available at ScienceDirect

Information Sciences
journal homepage:

Meaningful secret sharing technique with authentication and

remedy abilities
Chin-Chen Chang a, Yi-Hui Chen b,⇑, Hsin-Chi Wang c
Department of Information Engineering and Computer Science, Feng Chia University, Taichung 40724, Taiwan
Department of Applied Informatics and Multimedia, Asia University, Taichung 41354, Taiwan
Department of Information and Communication Security Technology Center, Institute for Information Industry, Taipei 10622, Taiwan

a r t i c l e i n f o a b s t r a c t

Article history: Lin and Tasi, Yang et al., and Chang et al.’s meaningful secret sharing schemes provided
Received 3 December 2008 authentication mechanisms but none included a remedy ability that would cause the secret
Received in revised form 11 July 2010 image never to be completely obtained while some information of the stego-images are
Accepted 7 March 2011
losing or tampering with. This paper proposes a meaningful secret-sharing scheme which
Available online 14 March 2011
includes both authentication and remedy abilities that allow for detection of the corrupted
area and use of the hidden information to repair the secret image with reasonable visual
quality. In comparison with previous schemes, this approach results in superior visual
qualities of the stego-images by an average of more than 3 dB.
Visual quality Ó 2011 Elsevier Inc. All rights reserved.
Remedy ability

1. Introduction

The (t, n)-threshold scheme is a secret-sharing technique first invented by Shamir [12] for a dealer splitting a secret into n
shares and then distributing them to n distinct players, where t 6 n. Later, at least t shares can cooperate together to
reconstruct the secret. No information about the secret can be revealed while someone has only t  1 shares. One of the
secret-sharing techniques for digital images is visual cryptography, pioneered by Naor and Shamir in 1994 [12]. Visual cryp-
tography [1,6,8,10,11,13] is a cryptographic technique that allows the visual image to be encrypted and the visual informa-
tion to be decrypted by the human visual system, without the aid of a computer. That is, shares are printed as separate
transparencies, and the secret image can be decrypted by overlaying those transparencies. Although the original image
can appear when the transparencies are overlaid, the decrypted image is never completely identical to the original secret
image. Consequently, the technique is not suited for some sensitive domains, such as medical and military systems, because
any distortions are intolerable. In addition, the shares are similar to random noise images, which arouse censors’ notice.
To meet these requirements, several studies [2,3,5,13,14,16] have proposed hiding the shares into meaningful content
with steganography techniques, also called meaningful secret-sharing schemes. Steganography [9] is a technique for embed-
ding secrets into digital media, such as digital images, without appearing suspicious to censors. Another benefit of the
schemes is that the meaningful shares can be easier than noise-like shares for participants to distinguish in order to use
the shares to reconstruct the secret images when each participant player has a certain number of shares. Extending the
meaningful secret-sharing techniques, some researchers [4,7,17] have imported the authentication mechanisms into their

⇑ Corresponding author. Address: Department of Applied Informatics and Multimedia, Asia University, Taichung 41354, Taiwan. Tel.: +886 04
23323456x20112; fax: +886 04 23304708.
E-mail addresses: (C.-C. Chang),, (Y.-H. Chen), (H.-C. Wang).

0020-0255/$ - see front matter Ó 2011 Elsevier Inc. All rights reserved.
3074 C.-C. Chang et al. / Information Sciences 181 (2011) 3073–3084

schemes to verify the fidelity of participants’ shares before reconstructing the secret. With the authentication ability, the cor-
rupted pixels in shares are detected and marked as inauthentic areas to warn the participant players.
Applying the (t  1)-degree polynomials and steganography technique, Lin and Tsai [7] proposed a meaningful secret-
sharing scheme. Their scheme cannot be used to completely reconstruct the secret image while any pixel value in the secret
image is out of the range from 0 to 250. In addition, the visual quality, on average, ranges from 37 dB to 39 dB. To improve Lin
and Tsai’s scheme, Yang et al. [17] proposed a lossless meaningful secret-sharing scheme that provides better visual quality
than that of Lin and Tsai’s scheme ahead by an average of 2 dB. Moreover, they pointed out the weakness of Lin and Tsai’s
authentication mechanism, where the verification process will fail when unauthorized participants comply with the parity-
checking rule to generate a fake stego-image. In their improved version, Yang et al. reset the authentication rule to generate a
more secure authentication code. However, the correct rate of tamper detection achieved by their scheme is at just 0.52.
Improving Yang et al.’s scheme, Chang et al. [4] proposed a more secure authentication mechanism by using the Chinese
remainder theorem (CRT) to generate new authentication code and slightly improved the correct rate of tamper detection
to be near 0.97. Furthermore, the visual quality of Chang et al.’s scheme is close to 41 dB, which is more than that of Yang
et al.’s.
However, none of these meaningful secret-sharing schemes import both authentication and recovery mechanisms. With-
out a recovery mechanism, parts of secret image will never be obtained if a malevolent attacker tampers with the stego-
images transferring between participant parties. To make sure the information in the secret image can be retrieved even
if parts of it suffer from tampering, this paper imports a remedy mechanism for repairing the inauthentic area in a secret
image. Although the inauthentic area cannot be completely reconstructed, the visual quality of the repaired image is good
enough for authorized players to recognize the original information. In addition, the visual quality of the stego-image is, on
average, greater than 45 dB, which significantly improves the performances of the schemes [4,7,17].
The remainder of this paper is organized as follows. Section 2.1 briefly describes Shamir’s method for secret sharing. The
overview of schemes [4,7,17] are shown in Section 2.2. Our proposed meaningful secret sharing scheme, reconstruction, and
authentication and remedy abilities are portrayed in Sections 3.1–3.3, respectively. Section 4 shows the experimental results.
In these experiments, we compared our performances with those of the schemes [4,7,17]. Finally, we draw our conclusions
and further works in Section 5.

2. Related work

This section briefly illustrates the concept of Shamir’s secret-sharing scheme and reviews recent studies.

2.1. Shamir’s secret-sharing scheme

In Shamir’s scheme, a unique polynomial of degree (t  1) is fit, as shown in Eq. (1), where the secret is the first coefficient
s and the rest of the coefficients m1, m2, . . . , mt1 are selected at random. The n points, they are also called shares, are on the
curve and assigned to n distinct players. Later, any t shares, assuming their own participants’ identifications xi’s are
x1, x2, . . . , xt, can be used to reconstruct the original (t  1)-degree polynomial by using Eq. (2), so the secret s can finally
be obtained.

Fðxi Þ ¼ s þ m1  xi þ m2  x2i þ    þ mt1  xit1 ; ð1Þ

Fðx1 Þðx  x2 Þðx  x3 Þ    ðx  xt Þ Fðx2 Þðx  x1 Þðx  x3 Þ    ðx  xt Þ Fðxt Þðx  x1 Þðx  x3 Þ    ðx  xt Þ

Fðxi Þ ¼ þ þ  þ : ð2Þ
ðx1  x2 Þðx1  x3 Þ    ðx1  xt Þ ðx2  x1 Þðx2  x3 Þ    ðx2  xt Þ ðxt  x1 Þðxt  x2 Þ    ðxt  xt1 Þ

2.2. Previous works

Here, we briefly demonstrate how the schemes proposed in [4,7,17] design meaningful secret-sharing methods applying
Shamir’s method. Lin and Tsai’s scheme divides the cover image size of 2  2 pixels into several blocks Xi and treats the pixels
in the secret image as a secret message depicted as si, for i = 1 to sz, where sz is the size of the secret image. Next, the user
defines a formula as Fðxi Þ ¼ ðsi þ m1 xi þ m2 x2i þ    þ mt1 xt1
i Þ mod 251, where the value of the top-leftmost pixel in the Xi
block is treated as the value of xi, and the values of m1, m2, . . . , mt1 are chosen at random but are always less than 251. The
pixel value will be replaced with 250, while its value ranges from 250 to 255, so the quality of the reconstructed secret image
is degraded. The authentication code is generated by following the parity-checking rule. Finally, the value of F(xi) and
authentication code are embedded into the reminder pixels in block Xi with LSB (least significant bit) substitution. Unfortu-
nately, the proposed authentication procedure is weak because the fake image will always pass the verification procedure
when it is created by following the parity-checking rule.
To prevent the degraded reconstruction in Lin and Tsai’s scheme, Yang et al. improved the formula using Galois Field
GF(28) instead of GF (251) to rebuild the formula as FðxÞ ¼ ðsi þ m1 xi þ m2 x2i þ    þ mt1 xt1i Þ mod ðx8i þ x4i þ x3i þ xi þ 1Þ,
where si is the pixel value in secret image so a lossless version is proposed. Next, they used the HMAC (Hashed-based mes-
sage authentication code) to generate the authentication code for averting form the weakness in Lin and Tsai’s verification
C.-C. Chang et al. / Information Sciences 181 (2011) 3073–3084 3075

procedure. In Yang et al.’s experiments, both the visual image quality and the security issue are superior to that of Lin and
Tsai’s scheme.
In 2008, Chang et al. proposed a CRT-based (Chinese remainder theory) authentication bit generation to improve the
authentication ability of Yang et al.’s scheme. They also create the formula as Fðxi Þ ¼ ðsi þ m1 xi þ m2 x2i þ    þ mt1 xt1
i Þ
mod 251. To completely reconstruct the secret image, they apply Thien and Lin’s scheme [15] of using two pixels to present
the pixel when its value is greater than 250. For example, the pixel value 254 can be divided into two pixels: 250 and 4. Later,
the decoder must decode two successive pixels to reconstruct the original pixel value if the reconstructed pixel value is 250.
As for the experiments in Chang et al.’s scheme, all of the performances are superior to that of Yang et al.’s scheme.

3. Proposed scheme

In this section, we designed a novel scheme which can losslessly reconstruct the secret image without additional pixels no
matter what the original pixel value is. As for the schemes [4,7,17], a pixel in a secret image is presented as a parameter si put
into the Formula F(xi). In the proposed scheme, the pixel value is segmented into three pieces and then transformed into
three integers as parameters used for creating a new formula. The proposed scheme is composed of three procedures: the
first procedure is the sharing and embedding procedure, the second is the authentication procedure, and the third is the
reconstruction procedure.

3.1. Sharing and embedding procedure

The flowchart of the sharing and embedding procedure is shown in Fig. 1. A secret image S and participant’s identification
dk are input into the procedure, where all of the values dk are mutually exclusive. Assume that each pixel in the secret image
has a unique identification denoted as PID, and all the PIDs can be seen as a serial number sequence. In the shuffling phase,
the serial number sequence is shuffled by using a secret key K1, which is called a shuffled serial number sequence. As shown
in Fig. 2, the original serial number sequence and the shuffled serial number sequence are depicted as sets {1, 2, 3, 4, 5, 6, 7, 8}
and {2, 4, 6, 7, 1, 5, 8, 3}, respectively. At the same position of those two sets, two mapping PIDs are treated as a pixel-partner
pair. That is, the first sequence numbers in such two sequences are 1 and 2, so pixels with PIDs 1 and 2 are a pixel-partner
pair. For simplicity, a pixel-partner pair is denoted as (Sx, Sy), where Sx and Sy are pixel values, and x and y are the values of
In the secret-sharing phase, pixel values in the pixel-partner pair (Sx, Sy) are expressed by using 8-bit binary streams as
1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8
(bx bx bx bx bx bx bx bx ; by by by by by by by by Þ. Next, the bit stream ðbx bx bx bx bx bx bx bx Þ is divided into three parts, which are then
transformed into three decimal integers, ax, bx and cx, using Eq. (3).

ax ¼ b1x  22 þ b2x  21 þ b3x  20 ;

4 5 6
bx ¼ bx  22 þ bx  21 þ bx  20 ; ð3Þ
7 1 8 0
and cx ¼ bx 2 þ bx 2 :
1 2 3 4
We embed the values of by ; by ; by and by into parameters ax, bx and cx as a0x ; b0x and c0x using Eq. (4).

a0x ¼ ax þ 8  b1y ;
b0x ¼ b0x þ 8  by ; ð4Þ
0 3 1 4 0 2
and c ¼ cx þx ðby 2 þ by 2 Þ2 :

Subsequently, the parameters a0x ; b0x and c0x are used to build a formula, as in Eq. 5.

F x ðdk Þ ¼ ða0x þ b0x dk þ c0x d2k Þ mod 17: ð5Þ

After inputting the participant’s identification dk, the value Fx(dk) is returned. Since the value Fx(dk) is the key for inversing
the values a0x ; b0x and c0x , it needs to be protected for later verifying its integrity. Firstly, the value Fx(dk) is transformed into a
5-bit binary stream s1x s2x s3x s4x s5x and then we divide the 5-bit binary stream with Eq. (6) to generate three parameters as A1x ; A2x
and A3x .

Fig. 1. The flow chart of the sharing and embedding procedure.

3076 C.-C. Chang et al. / Information Sciences 181 (2011) 3073–3084

Fig. 2. An example of pixel-partner pans.

A1x ¼ s1x ;
A2x ¼ s2x  21 þ s3x  20 ; ð6Þ
and A3x ¼ s4x 1
2 þ s5x 2 :0

Next, we mixed every two of the three digits with x by using hash function to generate three parameters A e1; Ae 2 and A e3
x x x
e 1 e2
using Eq. (7), x is the value of pixels PID. Finally, the authentication codes are generated by mixing the parameters A x ; A x and
e 3 with the XOR operation, presented by the notation , to produce the authentication code ax with Eq. (8), where the LSBi
A x
function returns the values of the ith LSB.

e 1 ¼ hashðxkA2 kA3 Þ;
A x x x

A e 1 kA2 Þ;
e 2 ¼ hashðxk A ð7Þ
x x x

and A e 3 ¼ hashðxk Ae 2 kA3 Þ:

x x x

e1  A
ax ¼ LSB5 ð A e2  A
e 3 Þ  23 þ LSB6 ð A
e1  A
e2  A
e 3 Þ  22 þ LSB7 ð A
e1  A
e2  A
e 3 Þ  21 þ LSB8 ð A
e1  A
e2  A
e 3 Þ: ð8Þ
x x x x x x x x x x x x
The parameters Fx(dk), ax and by
are embedded into the cover image by using a steganography technique. Before data
embedding, the cover image is divided into several blocks of 2  2 pixels. Their corresponding location and notation for
the block Px are shown in Fig. 3, where this block is used for embedding the data generated from the xth pixel in the secret
image and its four pixels are denoted as P 1x ; P2x ; P 3x and P 4x .
Before data embedding, we let the hidden data Fx(dk), ax and by re-express as a digital decimal Dx with Eq. (9) at first. The
suffixes of Eq. (9) are 2, 17, and 17 which are the total number of possible values for Fx(dk), ax and by , respectively. For exam-
ple, the value of Fx(dk) ranges from 0 to 16 so there are totally 17 possible values; therefore, its corresponding suffix is 17.
1 2 3 4
Later, the value of Dx can be represented as ðdx dx dx dx Þ5 by using the 5-based notational system.
5 5
Dx ¼ ðF x ðdk Þ; ax ; by Þ2;17;17 ¼ F x ðdk Þ  2  17 þ ax  2 þ by : ð9Þ
1 2 3 4
Using the embedding algorithm, as shown in Fig. 4, the notations and dx ; dx ; dx
can be embedded into the pixels dx
P1x ; P2x ; P3x and P 4x , respectively, in the four-pixel block Px.
When all pixels in the secret image are embedded into the cover image, the embedded image, which we call the
stego-image and depict as Cdk, is transferred to the legal participant.

Fig. 3. Illustration of a four-pixel block.

C.-C. Chang et al. / Information Sciences 181 (2011) 3073–3084 3077

Fig. 4. The pseudo code of embedding algorithm.

3.2. Authentication procedure

Before participants join in the reconstruction procedure, the fidelity of their own shares can be verified in advance using
this procedure, and this procedure can be used to check whether the stego-image is authentic. The flowchart of this proce-
dure contains three phases, as shown in Fig. 5: the extracting phase, the authentication phase and the adjusting phase.
First, the participant’s PID value dk and his own stego-images C dk are inputted into the extracting phase. Next, the input
stego-image is divided into several blocks of 2  2 pixels, as shown in Fig. 3. The hidden data De x can be extracted using Eq.
ex ¼
D ðPix mod 5Þ  5i1 : ð10Þ

The value of D e x can be re-expressed as ð F

e x ðdk Þ; a ~5 Þ
~x ; b e
y 2;17;17 using Eq. (11). The value of F x ðdk Þ can be represented as
s1x s2x s3x s4x s5x using a 5-based notational system. Inputting the values of s1x ; s2x ; s3x ; s4x and s5x , we generate the authentication codes
ax using Eqs. (6)–(8). Finally, the authentication phase checks whether the values of ax and a ~x are equal. If they are equal, a
white pixel is output; otherwise, a black pixel is output. It is noted that the white and black pixels denote the values as
authentic and inauthentic pixels, respectively.
F x ðdk Þ ¼ De x =ð2; 17Þ;
~x ¼ ð D
a e x mod ð2  17ÞÞ=2; ð11Þ
~5 ¼ ð D
b e x mod ð2  17ÞÞ mod 2:

Fig. 5. The flow chart of the authentication procedure.

3078 C.-C. Chang et al. / Information Sciences 181 (2011) 3073–3084

The authenticated results are shown in Fig. 7(a), where some inauthentic parts are verified as authentic ones. This kind of
false detection will cause the secret image cannot be fully repaired in the reconstruction procedure. To prevent this from
occurring, we propose an adjusted mechanism. In the adjusted phase, the decoder re-scans the authenticated results and
looks up four parameters left, right, top and down as shown in Fig. 6. Next, we use those four locations to form a rectangle
with four coordinates (left, top), (right, top), (left, down) and (right, down) and force all pixels in the rectangle to be judged
inauthentic and colored black (Fig. 7(b)). Finally, the adjusted results are seen as input data into the reconstruction

3.3. Reconstruction procedure

In this procedure, only when at least three legal participants join together can the secret image be reconstructed. The
flowchart of this procedure consists of two phases, as shown in Fig. 8. For simplicity, we assume the three input stego-images
are C1, C2 and C3, and their participants’ PIDs d1, d2 and d3 are 1, 2 and 3, respectively. As described in Section 3.2, we can get
the values of F~x ðd1 Þ; eF x ðd2 Þ and e
F x ðd3 Þ from stego-images C1,C2 and C3, respectively. While the pixel is marked as authentic,
the parameters as ax ; b0x and c0x can be obtained using Eq. (12).

Fig. 6. The pseudo code of adjustment mechanism.

Fig. 7. An example of the adjustment mechanism.

Fig. 8. Flowchart of the reconstruction procedure.

C.-C. Chang et al. / Information Sciences 181 (2011) 3073–3084 3079

1 1 1
c0x ¼ eF x ðd1 Þ þ eF x ðd2 Þ þ eF x ðd3 Þ mod 17;
ðd1  d2 Þðd1  d3 Þ ðd2  d1 Þðd2  d3 Þ ðd3  d1 Þðd3  d2 Þ
d2 þ d3 d1 þ d3 d1 þ d2
b0x ¼ 1  ð e F x ðd1 Þ þ e F x ðd2 Þ þ e F x ðd3 ÞÞ mod 17; ð12Þ
ðd1  d2 Þðd1  d3 Þ ðd2  d1 Þðd2  d3 Þ ðd3  d1 Þðd3  d2 Þ
d2 d3 d1 d3 d1 d2
a0x ¼  Fe x ðd1 Þ þ  Fe x ðd2 Þ þ  Fe x ðd3 Þ mod 17:
ðd1  d2 Þðd1  d3 Þ ðd2  d1 Þðd2  d3 Þ ðd3  d1 Þðd3  d2 Þ
1 2 3 4
Next, the values of ax ; bx ; cx ; by ; by ; by and by can be found using the reconstructing algorithm shown in Fig. 9.

Fig. 9. The pseudo code of the reconstructing algorithm.

Table 1
The values generated by Eqs. (3)–(5).

X Sx Sy ax bx cx a0x b0x c0x Fx(dk)

1 120 125 3 6 0 3 14 12 3 þ 14dk þ 12d2k mod 17

2 125 120 3 7 1 3 15 13 3 þ 15dk þ 13d2k mod 17

Table 2
The corresponding embedded stego-images and corrupted stego-images generated by the corresponding parameters.

x dk Fx(dk) ax 5 Dx 1 2 3 4 Embedded stego-images Corrupted stego-images

by dx dx dx dx
P 1x P 2x P 3x P 4x P 1x P 2x P 3x P 4x

1 1 12 2 1 413 3 1 2 3 103 101 102 103 102 103 102 103

1 2 11 12 1 399 3 0 4 4 103 95 104 104 103 95 104 104
1 3 0 7 1 15 0 0 3 0 95 95 103 95 95 95 103 95
2 1 14 1 1 479 1 4 0 4 103 104 95 104 103 104 95 104
2 2 0 3 1 7 0 0 1 2 95 95 101 102 95 95 101 102
2 3 12 9 1 427 3 2 0 2 103 102 95 102 103 102 95 102
3080 C.-C. Chang et al. / Information Sciences 181 (2011) 3073–3084

The parameters ax, bx and cx can be used to reconstruct the original secret pixel as Sx = ax  8  4 + bx  4 + cx. Then the
1 2 3 4 5
copied pixel can be obtained as Sy ¼ by  27 þ by  26 þ by  25 þ by  24 þ by  23 þ 5. Two pixels Sx and Sy are output into
two images, namely the reconstructed image and the copied image. Using the secret key K1, the PIDs of the copied image will
be reordered as the same sequence as the reconstructed image. Finally, if the pixels are judged as inauthentic, the pixels in
the reconstructed image are replaced with those of copied image at the same position.
For example, a secret image has two pixels with pixel values 120 and 125. Assume that the original serial number se-
quence and the shuffled serial number sequence are as two sets {1, 2} and {2, 1}. Therefore, the pixel-partner pairs are
(1, 2) and (2, 1). The values generated from Eqs. (3)–(5), are listed in Table 1.

Table 3
The value calculated by Eqs. (10) and (11) and the corresponding authentic results.

x dk ex
D e
F x ðdk Þ e
ax e
b 5y Authentic results

1 1 338 9 16 0 Inauthentic
1 2 399 11 12 1 Authentic
1 3 15 0 7 1 Authentic
2 1 479 14 1 1 Authentic
2 2 7 0 3 1 Authentic
2 3 427 12 9 1 Authentic

Table 4
The reconstructed pixel and its repaired pixel.

X a0x b0x c0x ax bx cx 1

by by
4 5
by Reconstructed pixel Repaired pixel

2 3 15 13 3 7 1 0 1 1 1 1 125 120

Fig. 10. A secret image and five test images.

C.-C. Chang et al. / Information Sciences 181 (2011) 3073–3084 3081

As shown in Table 2, the values x and dk are input to calculate the value Fx(dk) with Eq. (5). Next, the authentication code ax
and value Dx are generated with Eqs. (6)–(9), respectively. We embed value Dx into three four-pixel groups from three dif-
ferent stego-images with the embedding algorithm as shown in Fig. 4. To simplify the description, all the pixel values in
those three stego-images are all 103. After data embedding, the embedded pixel-groups are listed below the ‘‘embedded ste-
go-images’’ field. We assume that the attackers modify some of the pixels and list below the ‘‘corrupted stego-images’’ field.
Before reconstructing the secret image, the process must evaluate whether the stego-pixels are authentic. During the
authentication procedure, the value D e x is calculated with Eq. (10). Later on, the values e ~5 can be produced
~x , and b
F x ðdk Þ; a y
by using Eq. (11). The given value Fx(dk) can generate an authentication code a ~x through Eqs. (6)–(8). If the values a ~x and
ax are the same, the pixel is authentic. As for this example, only the first pixel is inauthentic in Table 3.
Due to a four-pixel group is judged as inauthentic, the first secret pixel cannot be obtained anymore. Therefore, we skip the
inauthentic ones. Later on, we reconstruct the authentic pixel and its partner-pixel. The values of a0x ; b0x and c0x are calculated
1 2 3 4
by using Eq. (12). Subsequently, the values of ax ; bx ; cx ; by ; by ; by and by can be obtained by using the reconstructing algorithm.
1 2 3 4 5
We collect the values of by ; by ; by ; by and by to produce a repaired pixel in Table 4. Because the first pixel is inauthentic, we
replace it with the repaired pixel which PID is equal to that of the first pixel. As for the partner-pixel pair (2, 1), we know that
the inauthentic pixel’s PID value equal to 1, therefore, it can be repaired by the partner-pixel of the pixel’s PID equal to 2. In this
example, we can replace the first pixel with the second pixel’s partner-pixel so the first pixel value is repaired as 120.
Our scheme focuses on comparing the performances of schemes [4,7,17]. Although schemes [4,7,17] support authentica-
tion mechanism, they did not support any recovery mechanisms. In our proposed scheme, we define the scheme not only to
improve the visual quality but also to have a recovery mechanism. To achieve such purpose, we modify the traditional
(t, n)-secret sharing mechanism to become (3, n)-secret sharing mechanism. It also has the flexibility to expend (3, n)-secret
sharing mechanism to be (t + 2, n)-secret sharing mechanism, where 1 < t 6 n. The formula is defined as below.
F x ðdk Þ ¼ ða0x þ b0x dk þ c0x d2k þ e1 d3k þ e2 d4k þ    þ et dtþ2
k Þ mod 17, where e1, e2, . . . , et are chosen by random.

4. Experimental results

This section discusses (1) the visual qualities of stego-images, (2) the detection results when the stego-image is tampered
with, and the visual quality of the reconstructed image after repairing the corrupted area, and (3) a comparison with the

Fig. 11. Five stego-images.

3082 C.-C. Chang et al. / Information Sciences 181 (2011) 3073–3084

other existing schemes cited as [4,7,17]. The secret image with 256  256 pixels is shown in Fig. 10(a), and five cover images
with 512  512 pixels as shown in Fig. 10(b)–(f), which are ‘‘Baboon,’’ ‘‘F16,’’ ‘‘Sailboat,’’ ‘‘Lena,’’ and ‘‘Pepper,’’ respectively.
The metric of visual quality measurement is PSNR (peak signal-to-noise ratio). Its value depends on the distortions
between the original image and the compared image. In general, a higher PSNR reflects better visual quality. The PSNR is
calculated with Eq. (13), where MSE is defined as Eq. (14).

PSNR ¼ 10log 10 dB; ð13Þ
1 XX
h w
MSE ¼ ðpij p0ij Þ2 ; ð14Þ
hw i¼1 j¼1

where h and w are the height and weight of the original image, and pij and p0ij are the pixel values of the original image and its
compared image, respectively.
All the stego-images and all the PSNR values are shown in Fig. 11(a)–(e). On average, the visual quality is larger than
45.10 dB, so it is difficult for human eyes to recognize whether they are embedded with hidden data.
To prevent attackers from fooling participants into retrieving incorrect data, the authentication and repair mechanisms
are performed. Fig. 12(a)–(e) are the corrupted stego-images: in Fig. 12(a), a piece of the stego-image is cropped out, the
words ‘‘I CAN FLY’’ are inserted in Fig. 12(b), the boat sailing on the lake is removed in Fig. 12(c), some noises are added
in Fig. 12(d), and a smile shape is inserted into Fig. 12(e).
Based on Figs. 12(a)–(e), the corresponding results of tamper detection, the repaired secret images and their visual quality
after repair are shown in Table 5(a)–(e). In the results, the larger the corrupted area, the worse the visual quality of the re-
paired secret image will be. In Fig. 12(a), the 25% block is dropped out from the stego-image ‘‘Baboon,’’ and its relative detec-
tion result and repaired result is shown in Table 5(a). The words ‘‘I CAN FLY’’ in Fig. 12(b) can be detected as corrupted area as
shown in Table 5(b). The removed boat in Fig. 12(c) can be detected as modified area and repaired as shown in Table 5(c). The
detector can detect the noise areas represented in Fig. 12(d), and the detected and repaired results are shown in Table 5(d).
Finally, a smile mark covers the stego-image, as shown in Fig. 12(e), and the corrupted places are detected and repaired, as
shown in Table 5(e). As the experiments, we can observe that the visual quality of repaired image depends on what size of
the corrupted area is because larger corrupted areas will cause lower visual quality.

Fig. 12. Five corrupted stego-images.

C.-C. Chang et al. / Information Sciences 181 (2011) 3073–3084 3083

Table 5
Performances of tamper detection and repair ability.

Corrupted stego-image Tamper detection Repaired secret image PSNR of repaired secret image

(a) Baboon 46.96 dB

(b) F16 58.71 dB

(c) Sailboat 55.48 dB

(d) Lena 47.69 dB

(e) Pepper 52.82 dB

In general, the larger size of damage areas are, the lower image qualities of secret images will be. We summarize the im-
age qualities of secret images based on different percentages of the damage areas in Table 6.
The performance (visual quality, PSNR) of our stego-images compared with the schemes proposed in [4,7,17] are shown
in Table 7. All the visual qualities of the stego-images created using our proposed scheme are superior to those created by the

Table 6
The damage area and its corresponding output image quality of secret image.

Damage areas (%) Image quality of secret image

5 >55
10 >47
15 >42
20 >35
30 >30
>30 <30
3084 C.-C. Chang et al. / Information Sciences 181 (2011) 3073–3084

Table 7
Comparison of performances between our proposed scheme and schemes proposed in [4,7,17].

Schemes Baboon F16 Sailboat Lena Pepper Repair ability

Scheme [4] 40.93 40.99 40.98 40.97 40.96 No
Scheme [7] 37.71 38.35 38.49 38.60 38.29 No
Scheme [17] 40.06 40.15 40.97 41.10 40.66 No
Proposed scheme 45.10 45.11 45.10 45.12 45.12 Yes

other schemes. As for the visual quality, on average, the performance of our proposed scheme is about 6.6 dB greater than
that of the scheme proposed in [7], and about 4 dB greater than that of the schemes proposed in [4,17]. Without any tam-
pering attacks, our proposed scheme can losslessly reconstruct the secret image as well as the schemes proposed in [4,17].
Moreover, none of schemes [4,7,17] proposed any remedy abilities to repair the secret image after tamper detection.

5. Conclusions

Recently, Lin and Tsai’s, Yang et al.’s, and Chang et al.’s schemes for authentication were proposed to avert the illegal
shares from being joined into the reconstruction procedure. However, these schemes do not offer a remedy mechanism
which will be needed if a malicious attacker modifies all the images communication between the participants. As the exper-
iments here show, the remedy for the secret image remains 45 dB. In the future, we hope to propose a lossless recovery
method to completely reconstruct the secret image after the shares have undergone attacks.


[1] Y.F. Chen, Y.K. Chan, C.C. Huang, M.H. Tsai, Y.P. Chu, A multiple-level visual secret-sharing scheme without image size expansion, Information Sciences
177 (21) (2007) 4696–4710.
[2] C.C. Chang, C.C. Lin, C.H. Lin, Y.H. Chen, A novel secret image sharing scheme in color images using small shadow images, Information Sciences 178 (11)
(2008) 2433–2447.
[3] C.C. Chang, C.Y. Lin, C.S. Tseng, Secret image hiding and sharing based on the (t, n)-threshold, Fundamenta Informaticae 76 (4) (2007) 399–411.
[4] C.C. Chang, Y.P. Hsieh, C.H. Lin, Sharing secrets in stego images with authentication, Pattern Recognition 141 (10) (2008) 3130–3137.
[5] J.B. Feng, H.C. Wu, C.S. Tsai, Y.P. Chu, A new multi-secret images sharing scheme using Lagrange’s interpolation, Journal of Systems and Software 76 (3)
(2005) 327–339.
[6] W.P. Fang, Friendly progressive visual secret sharing, Pattern Recognition 41 (4) (2008) 1410–1414.
[7] C.C. Lin, W.H. Tsai, Secret image sharing with steganography and authentication, Journal of Systems and Software 73 (3) (2004) 405–414.
[8] D.C. Lou, H.K. Tso, J.L. Liu, A copyright protection scheme for digital images using visual cryptography technique, Computer Standards and Interfaces 29
(1) (2007) 125–131.
[9] Y. Lee, H. Kim, Y. Park, A new data hiding scheme for binary image authentication with small image distortion, Information Sciences 179 (22) (2009)
[10] R. Lukac, K.N. Plataniotis, Bit-level based secret sharing for image encryption, Pattern Recognition 38 (5) (2005) 767–772.
[11] M. Naor, A. Shamir, Visual cryptography, in: Advances in Cryptology-EuroCrypt’94, LNCS, vol. 950, Springer, Berlin, 1995, pp. 1–2.
[12] A. Shamir, How to share a secret, Communications of the Association for Computing Machinery (1979) 612–613.
[13] S.J. Shyu, S.Y. Huang, Y.K. Lee, R.Z. Wang, K. Chen, Sharing multiple secrets in visual cryptography, Pattern Recognition 40 (12) (2007) 3633–3651.
[14] D.S. Tsai, G. Horng, Z.H. Chen, Y.T. Huang, A novel secret image sharing scheme for true-color images with size constraint, Information Sciences 179
(19) (2009) 3247–3254.
[15] C.C. Thien, J.C. Lin, Secret image sharing, Computers and Graphics 26 (1) (2002) 765–770.
[16] C.S. Tsai, C.C. Chang, T.S. Chen, Sharing multiple secrets in digital images, Journal of Systems and Software 64 (2) (2002) 163–170.
[17] C.N. Yang, T.S. Chen, K.H. Yu, C.C. Wang, Improvements of image sharing with steganography and authentication, Journal of Systems and Software 80
(7) (2007) 1070–1076.